Biblio

Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT infrastructure making the protocol deployable for the industry.

This paper provides hardware-independent authentication named as Intelligent Authentication Scheme, which rectifies the design weaknesses that may be exploited by various security attacks. The Intelligent Authentication Scheme protects against various types of security attacks such as password-guessing attack, replay attack, streaming bots attack (denial of service), keylogger, screenlogger and phishing attack. Besides reducing the overall cost, it also balances both security and usability. It is a unique authentication scheme.

To prevent unauthorized access to adversaries, strong authentication scheme is a vital security requirement in client-server inter-networking systems. These schemes must verify the legitimacy of such users in real-time environments and establish a dynamic session key fur subsequent communication. Of late, T. H. Chen and J. C. Huang proposed a two-factor authentication framework claiming that the scheme is secure against most of the existing attacks. However we have shown that Chen and Huang scheme have many critical weaknesses in real-time environments. The scheme is prone to man in the middle attack and information leakage attack. Furthermore, the scheme does not provide two essential security services such user anonymity and session key establishment. In this paper, we present an enhanced user participating authenticating scheme which overcomes all the weaknesses of Chen et al.'s scheme and provide most of the essential security features.

In this research, we present identity verification using the “Bundled CAPTCHA OTP” instead of using the traditional password. This includes a combination of CAPTCHA and One Time Password (OTP) to reduce processing steps. Moreover, a user does not have to remember any password. The Bundled CAPTCHA OTP which is the unique random parameter for any login will be used instead of a traditional password. We use an e-mail as the way to receive client-side the Bundled CAPTCHA OTP because it is easier to apply without any problems compare to using mobile phones. Since mobile phones may be crashing, lost, change frequently, and easier violent access than e-mail. In this paper, we present a processing model of the proposed system and discuss advantages and disadvantages of the model.

Mobile crowd sensing (MCS) is a rapidly developing technique for information collection from the users of mobile devices. This technique deals with participants' personal information such as their identities and locations, thus raising significant security and privacy concerns. Accordingly, anonymous authentication schemes have been widely considered for preserving participants' privacy in MCS. However, mobile devices are easy to lose and vulnerable to device capture attacks, which enables an attacker to extract the private authentication key of a mobile application and to further invade the user's privacy by linking sensed data with the user's identity. To address this issue, we have devised a special anonymous authentication scheme where the authentication request algorithm can be obfuscated into an unintelligible form and thus the authentication key is not explicitly used. This scheme not only achieves authenticity and unlinkability for participants, but also resists impersonation, replay, denial-of-service, man-in-the-middle, collusion, and insider attacks. The scheme's obfuscation algorithm is the first obfuscator for anonymous authentication, and it satisfies the average-case secure virtual black-box property. The scheme also supports batch verification of authentication requests for improving efficiency. Performance evaluations on a workstation and smart phones have indicated that our scheme works efficiently on various devices.

Advances in technology have enabled tremendous progress in the development of a highly connected ecosystem of ubiquitous computing devices collectively called the Internet of Things (IoT). Ensuring the security of IoT devices is a high priority due to the sensitive nature of the collected data. Physically Unclonable Functions (PUFs) have emerged as critical hardware primitive for ensuring the security of IoT nodes. Malicious modeling of PUF architectures has proven to be difficult due to the inherently stochastic nature of PUF architectures. Extant approaches to malicious PUF modeling assume that a priori knowledge and physical access to the PUF architecture is available for malicious attack on the IoT node. However, many IoT networks make the underlying assumption that the PUF architecture is sufficiently tamper-proof, both physically and mathematically. In this work, we show that knowledge of the underlying PUF structure is not necessary to clone a PUF. We present a novel non-invasive, architecture independent, machine learning attack for strong PUF designs with a cloning accuracy of 93.5% and improvements of up to 48.31% over an alternative, two-stage brute force attack model. We also propose a machine-learning based countermeasure, discriminator, which can distinguish cloned PUF devices and authentic PUFs with an average accuracy of 96.01%. The proposed discriminator can be used for rapidly authenticating millions of IoT nodes remotely from the cloud server.

Authentication is a process that provides access control of any type of computing applications by inspecting the user's identification with the database of authorized users. Passwords play the vital role in authentication mechanism to ensure the privacy of the information and avert from the illicit access. Password based authentication mechanism suffers from many password attacks such as shoulder surfing, brute forcing and dictionary attacks that crack the password of authentication schema by the adversary. Key Stroke technique, Click Pattern technique, Graphichical Password technique and Authentication panel are the several authentication techniques used to resist the password attacks in the literature. This research study critically reviews the types of password attacks and proposes a matrix based secure authentication mechanism which includes three phases namely, User generation phase, Matrix generation phase and Authentication phase to resist the existing password attacks. The performance measure of the proposed method investigates the results in terms existing password attacks and shows the good resistance to password attacks in any type of computing applications.

Nowadays, multimedia content retrieval has become the major service requirement of the Internet and the traffic of these contents has dominated the IP traffic. To reduce the duplicated traffic and improve the performance of distributing massive volumes of multimedia contents, in-network caching has been proposed recently. However, because in-network content caching can be directly utilized to respond users' requests, multimedia content retrieval is beyond content providers' control and makes it hard for them to implement access control and service accounting. In this paper, we propose an attribute-based accountable access control scheme for multimedia content distribution while making the best of in-network caching, in which content providers can be fully offline. In our scheme, the attribute-based encryption at multimedia content provider side and access policy based authentication at the edge router side jointly ensure the secure access control, which is also efficient in both space and time. Besides, secure service accounting is implemented by letting edge routers collect service credentials generated during users' request process. Through the informal security analysis, we prove the security of our scheme. Simulation results demonstrate that our scheme is efficient with acceptable overhead.

IoT middleware is an additional layer between IoT devices and the cloud applications that reduces computation and data handling on the cloud. In a typical IoT system model, middleware primarily connects to different IoT devices via IoT gateway. Device data stored on middleware is sensitive and private to a user. Middleware must have built-in mechanisms to address these issues, as well as the implementation of user authentication and access control. This paper presents the current methods used for access control on middleware and introduces Attribute-based encryption (ABE) on middleware for access control. ABE combines access control with data encryption for ensuring the integrity of data. In this paper, we propose Ciphertext-policy attribute-based encryption, abbreviated CP-ABE scheme on the middleware layer in the IoT system architecture for user access control. The proposed scheme is aimed to provide security and efficiency while reducing complexity on middleware. We have used the AVISPA tool to strengthen the proposed scheme.

Modern cloud applications can consist of hundreds of services with thousands of instances. In order to solve the problems of interservice interaction in this highly dynamic environment, an additional software infrastructure layer called service mesh is introduced. This layer provides a single point of interaction with the network for each service. Service mesh mechanisms are responsible for: load balancing, processing of network requests, service discovery, authentication, authorization, etc. However, the following questions arise: complex key management, fine-grained access control at the application level, confidentiality of data and many-to-many communications. It is possible to solve these problems with Attribute-based encryption (ABE) methods. This paper presents an abstract model of a service mesh and a protocol for interservice communications, which uses ABE for authorization and confidentiality of the messages.

In this paper, we propose a conditional privacy-preserving authentication scheme based on pseudonyms and (t,n) threshold secret sharing, named CPPT, for vehicular communications. To achieve conditional privacy preservation, our scheme implements anonymous communications based on pseudonyms generated by hash chains. To prevent bad vehicles from conducting framed attacks on honest ones, CPPT introduces Shamir (t,n) threshold secret sharing technique. In addition, through two one-way hash chains, forward security and backward security are guaranteed, and it also optimize the revocation overhead. The size of certificate revocation list (CRL) is only proportional to the number of revoked vehicles and irrelated to how many pseudonymous certificates are held by the revoked vehicles. Extensive simulations demonstrate that CPPT outperforms ECPP, DCS, Hybrid and EMAP schemes in terms of revocation overhead, certificate updating overhead and authentication overhead.

With the rapid development of micro-electronics and Information and Communication Technology (ICT), users can utilize various service such as Internet of Things(IoT), smart-healthcare and smart-home using wearable devices. However, the sensitive information of user are revealed by attackers because the medical services are provided through open channel. Therefore, secure mutual authentication and key establishment are essential to provide secure services for legitimate users in Wireless Body Area Networks(WBAN). In 2019, Gupta et al. proposed a lightweight anonymous user authentication and key establishment scheme for wearable devices. We demonstrate that their scheme cannot withstand user impersonation, session key disclosure and wearable device stolen attacks. We also propose a secure and lightweight mutual authentication and key establishment scheme using wearable devices to resolve the security shortcomings of Gupta et al.'s scheme. The proposed scheme can be suitable to resource-limited environments.

Vehicular ad hoc networks (VANETs) have been growing rapidly because it can improve traffic safety and efficiency in transportation. In VANETs, messages are broadcast in wireless environment, which is vulnerable to be attacked in many ways. Accordingly, it is essential to authenticate the legitimation of vehicles to guarantee the performance of services. In this paper, we propose an anonymous conditional privacy-preserving authentication scheme based on message authentication code (MAC) for VANETs. With verifiable secret sharing (VSS), vehicles can obtain a group key for message generation and authentication after a mutual authentication phase. Security analysis and performance evaluation show that the proposed scheme satisfies basic security and privacy-preserving requirements and has a better performance compared with some existing schemes in terms of computational cost and communication overhead.

In 2008, 3GPP proposed the Long Term Evolution (LTE) in version 8. The standard is used in high-speed wireless communication standard for mobile terminal in telecommunication. It supports subscribers to access internet via specific base station after authentication. These authentication processes were defined in standard TS33.401 and TS33.102 by 3GPP. Authenticated processing standard inherits the authentication and key agreement protocol in RFC3310 and has been changed into authenticated scheme suitable for LTE. In the origin LTE authenticated scheme, subscribers need to transfer its International Mobile Subscriber Identity (IMSI) with plaintext. The IMSI might be intercepted and traced by fake stations. In this work, we propose a new scheme with a pseudo IMSI so that fake stations cannot get the real IMSI and trace the subscriber. The subscriber can keep anonymous and be confirmed by the base station for the legality. The pseudo identity is unlinkable to the subscriber. Not only does the proposed scheme enhance the security but also it just has some extra costs for signature generation and verification as compared to the original scheme.

We propose a construction of an attribute-based authentication scheme (ABAuth). Our ABAuth is a challenge-and-response protocol which uses an attribute-based key-encapsulation mechanisum (ABKEM). The ABKEM is basically the one proposed by Ostrovsky-Sahai-Waters (ACM-CCS 2007), but in contrast to the original ABKEM our ABKEM is based on an asymmetric bilinear map for better computational efficiency. We also give a proof of one-way-CCA security of ABKEM in the asymmetric case, which leads to concurrent man-in-the-middle security of ABAuth. We note that the selective security is often enough for the case of authentication in contrast to the case of encryption. Then we evaluate our ABAuth by implementation as well as by discussion. We use the TEPLA library TEPLA for the asymmetric bilinear map that is Type-3 pairing on the BN curve.

This paper investigates the physical layer (PHY-layer) authentication that exploits channel state information (CSI) to enhance multiple-input multiple-output orthogonal frequency division multiplexing (MIMO-OFDM) system security by detecting spoofing attacks in wireless networks. A multi-user authentication system is proposed using convolutional neural networks (CNNs) which also can distinguish spoofers effectively. In addition, the mini batch scheme is used to train the neural networks and accelerate the training speed. Meanwhile, L1 regularization is adopted to prevent over-fitting and improve the authentication accuracy. The convolutional-neural-network-based (CNN-based) approach can authenticate legitimate users and detect attackers by CSIs with higher performances comparing to traditional hypothesis test based methods.

As the technological progress of mobile Internet, smartphone based on Android OS accounts for the vast majority of market share. The traditional encryption technology cannot resolve the dilemma in smartphone information leakage, and the Android-based authentication system in view of biometric recognition emerge to offer more reliable information assurance. In this paper, we summarize several biometrics providing their attributes. Furthermore, we also review the algorithmic framework and performance index acting on authentication techniques. Thus, typical identity authentication systems including their experimental results are concluded and analyzed in the survey. The article is written with an intention to provide an in-depth overview of Android-based biometric verification systems to the readers.

Road accidents are challenging threat in the present scenario. In India there are 5, 01,423 road accidents in 2015. A day 400 hundred deaths are forcing to India to take car safety sincerely. The common cause for road accidents is driver's distraction. In current world the people are dominated by the tablet PC and other hand held devices. The VANET technology is a vehicle-to-vehicle communication; here the main challenge will be to deliver qualified communication during mobility. The paper proposes a standard new restricted lightweight authentication protocol utilizing key agreement theme for VANETs. Inside the planned topic, it has three sorts of validations: 1) V2V 2) V2CH; and 3) CH and RSU. Aside from this authentication, the planned topic conjointly keeps up mystery keys between RSUs for the safe communication. Thorough informal security analysis demonstrates the planned subject is skilled to guard different malicious attack. In addition, the NS2 Simulation exhibits the possibility of the proposed plan in VANET background.

Vehicle ad-hoc network (VANET) is the main driving force to alleviate traffic congestion and accelerate the construction of intelligent transportation. However, the rapid growth of the number of vehicles makes the construction of the safety system of the vehicle network facing multiple tests. This paper proposes an identity-based aggregate signature scheme to protect the privacy of vehicle identity, receive messages in time and authenticate quickly in VANET. The scheme uses aggregate signature algorithm to aggregate the signatures of multiple users into one signature, and joins the idea of batch authentication to complete the authentication of multiple vehicular units, thereby improving the verification efficiency. In addition, the pseudoidentity of vehicles is used to achieve the purpose of vehicle anonymity and privacy protection. Finally, the secure storage of message signatures is effectively realized by using reliable cloud storage technology. Compared with similar schemes, this paper improves authentication efficiency while ensuring security, and has lower storage overhead.

People increasingly rely on mobile devices for banking transactions or two-factor authentication (2FA) and thus trust in the security provided by the underlying operating system. Simultaneously, jailbreaks gain tremendous popularity among regular users for customizing their devices. In this paper, we show that both do not go well together: Jailbreaks remove vital security mechanisms, which are necessary to ensure a trusted environment that allows to protect sensitive data, such as login credentials and transaction numbers (TANs). We find that all but one banking app, available in the iOS App Store, can be fully compromised by trivial means without reverse-engineering, manipulating the app, or other sophisticated attacks. Even worse, 44% of the banking apps do not even try to detect jailbreaks, revealing the prevalent, errant trust in the operating system's security. This study assesses the current state of security of banking apps and pleads for more advanced defensive measures for protecting user data.

Internet of Things (IoT) is a fairly disruptive technology with inconceivable growth, impact, and capability. We present the role of REST API in the IoT Systems and some initial concepts of IoT, whose technology is able to record and count everything. We as well highlight the concept of middleware that connects these devices and cloud. The appearance of new IoT applications in the cloud has brought new threats to security and privacy of data. Therefore it is required to introduce a secure IoT system which doesn't allow attackers infiltration in the network through IoT devices and also to secure data in transit from IoT devices to cloud. We provide the details on how Representational State Transfer (REST) API allows to securely expose connected devices to applications on cloud and users. In the proposed model, middleware is primarily used to expose device data through REST and to hide details and act as an interface to the user to interact with sensor data.

Technologies such as Industry 4.0 or assisted/autonomous driving are relying on highly customized cyber-physical realtime systems. Those systems are designed to match functional safety regulations and requirements such as EN ISO 13849, EN IEC 62061 or ISO 26262. However, as systems - especially vehicles - are becoming more connected and autonomous, they become more likely to suffer from new attack vectors. New features may meet the corresponding safety requirements but they do not consider adversaries intruding through security holes with the purpose of bringing vehicles into unsafe states. As research goal, we want to bridge the gap between security and safety in cyber-physical real-time systems by investigating real-time-aware intrusion-tolerant architectures for automotive use-cases.

In a computer world, to identify anyone by doing a job or to authenticate by checking their identification and give access to computer. Access Control model comes in to picture when require to grant the permissions to individual and complete the duties. The access control models cannot give complete security when dealing with cloud computing area, where access control model failed to handle the attributes which are requisite to inhibit access based on time and location. When the data outsourced in the cloud, the information holders expect the security and confidentiality for their outsourced data. The data will be encrypted before outsourcing on cloud, still they want control on data in cloud server, where simple encryption is not a complete solution. To irradiate these issues, unlike access control models proposed Attribute Based Encryption standards (ABE). In ABE schemes there are different types like Key Policy-ABE (KP-ABE), Cipher Text-ABE (CP-ABE) and so on. The proposed method applied the access control policy of CP-ABE with Advanced Encryption Standard and used elliptic curve for key generation by using multi stage encryption which divides the users into two domains, public and private domains and shuffling the data base records to protect from inference attacks.

In cloud computing environment, there are malignant nodes which create a huge problem to transfer data in communication. As there are so many models to prevent the data over the network, here we try to prevent or make secure to the network by avoiding mallicious nodes in between the communication. So the probabiliostic approach what we use here is a coherent tool to supervise the security challenges in the cloud environment. The matter of security for cloud computing is a superficial quality of service from cloud service providers. Even, cloud computing dealing everyday with new challenges, which is in process to well investigate. This research work draws the light on aspect regarding with the cloud data transmission and security by identifying the malignanat nodes in between the communication. Cloud computing network shared the common pool of resources like hardware, framework, platforms and security mechanisms. therefore Cloud Computing cache the information and deliver the secure transaction of data, so privacy and security has become the bone of contention which hampers the process to execute safely. To ensure the security of data in cloud environment, we proposed a method by implementing white box cryptography on RSA algorithm and then we work on the network, and find the malignant nodes which hampering the communication by hitting each other in the network. Several existing security models already have been deployed with security attacks. A probabilistic authentication and authorization approach is introduced to overcome this attack easily. It observes corrupted nodes before hitting with maximum probability. here we use a command table to conquer the malignant nodes. then we do the comparative study and it shows the probabilistic authentication and authorization protocol gives the performance much better than the old ones.

Identity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.